惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Heimdal Security Blog
S
Security @ Cisco Blogs
N
News | PayPal Newsroom
J
Java Code Geeks
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
V
V2EX
WordPress大学
WordPress大学
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
AI
AI
小众软件
小众软件
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
B
Blog RSS Feed
Forbes - Security
Forbes - Security
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
Cisco Talos Blog
Cisco Talos Blog
U
Unit 42
Project Zero
Project Zero
H
Hacker News: Front Page
Y
Y Combinator Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The Cloudflare Blog
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog

Privacy & Cybersecurity Law Blog

New Hampshire Amends the NHDPA to Prohibit the Sale of Children’s Personal Data Canada’s Proposed Social Media Ban for Children and Chatbot Regulation: Bill C-34’s Impact on Platforms European Commission Unveils Cybersecurity and AI Action Plan European Commission Refers Four Member States to CJEU Over NIS2 Transposition Delays EDPB Opens Public Consultation on New Personal Data Breach Notification Template European Commission Advances New Proposal to Expand Cloud Capacity and AI Infrastructure U.S. Supreme Court FTC Ruling Prompts Fresh Scrutiny of EU-U.S. Data Privacy Framework China Issues New Measures for Network Data Security Risk Assessment China Issues Regulations on Internet Content Multi-Channel Network Distribution Services China’s First Regulatory Framework for Virtual Companions Soon to Take Effect UK Data Protection Complaints Obligations Take Effect Vermont Enacts Significant Amendments to Data Broker Legislation Vermont Becomes 23rd State with Comprehensive Consumer Privacy Law Louisiana Enacts Comprehensive Consumer Privacy Law Connecticut Signs Comprehensive AI Bill into Law China CAC Issues Guidance on Conducting Audits Technology Companies Should Prepare for FTC Enforcement of Take It Down Act HHS Reorganizes Office for Civil Rights Oregon Prohibition on Public Body Disclosures to Data Brokers for Federal Immigration Purposes Now In Effect Connecticut Privacy Law Updates: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing Restrictions, and Genetic Data Regulations NYDFS Warns of Cybersecurity Risks from Frontier AI Models UK and Australia Announce Memorandum of Understanding on AI Security FTC Announces Settlements With Three Marketing Firms Over Allegations of Deceptive Statements About Active Listening AI-Powered Services Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems Colorado AI Act Amended and Effective Date Delayed European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act Texas AG Announces Lawsuit Against Netflix for Alleged Misrepresentations Regarding User Data UK ICO Recommends Targeted Changes to PECR Rules for Online Advertising California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations Illinois Department of Human Rights Issues Regulations Governing the Use of AI in Employment Decisions Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response UK ICO Publishes Guidance on Storage and Access Technologies CIPL Report Discusses Significant Alignment between GDPR and Global CBPR CalPrivacy Announces the Agenda for its April 30–May 1 Board Meeting CalPrivacy Requests Preliminary Comments on Notices & Disclosures, Employee Data COPPA Rule Amendment Compliance Deadline Approaches House Republicans Introduce Comprehensive Federal Privacy Bill: “SECURE Data Act” Kentucky Classifies Smart TV Data as Sensitive Alabama Becomes 21st State With Comprehensive Consumer Privacy Law CalPrivacy Director Expects CCPA Compliance Audits in 2026 Virginia Bans Sale of Geolocation Data HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data Washington State Enacts Law Regulating AI Companion Chatbots with Private Right of Action Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
Maryland Enacts First-of-its-Kind Ban on Surveillance Pricing for Grocery Sales
2026-05-06 · via Privacy & Cybersecurity Law Blog

On April 28, 2026, Maryland Governor Wes Moore signed into law House Bill 895, the Protection From Predatory Pricing Act (the “Act”), which regulates certain personalized pricing practices used by grocery stores and grocery delivery services. Notably, the Act places substantive limits on how covered businesses may use consumers’ personal data in setting food prices and on certain uses of personal data of members of legally protected classes.

The Act takes effect on October 1, 2026.

Scope of the Act

The Act applies to “food retailers” and “third-party delivery service providers.” A “food retailer” is defined as a merchant operating a business establishment with at least 15,000 square feet that sells food exempt from Maryland sales and use tax under Tax-General § 11-206(c) (i.e., grocery stores). A “third-party delivery service provider” refers to a business that, as a service to consumers, arranges for the delivery of food that qualifies for exemption from sales and use tax under the same provision.

Prohibition on Dynamic Pricing

The Act prohibits food retailers and third-party delivery service providers from using dynamic pricing to set the price of groceries, or to set a higher price for groceries for specific consumers. “Dynamic pricing” means “offering or setting a personalized price for a good or service that is specific to a consumer based on the consumer’s personal data, regardless of whether the seller collected or purchased the personal data.” (The Act incorporates the Maryland Online Data Privacy Act’s definition of “personal data,” meaning information linked or reasonably linkable to an identified or identifiable consumer.)

The Act separately prohibits using the personal data of members of legally protected classes to offer, advertise, or sell consumer goods or services where such use results in a consumer being denied or withheld an accommodation, advantage, or privilege provided to others.

Key Exceptions

The Act’s prohibitions on dynamic pricing do not apply to promotional pricing offers, loyalty or rewards program benefits, subscription-based contracts, or other temporary discounts or pricing changes related to the retention of existing customers. The Act’s dynamic pricing restrictions also do not apply to price differences based on objective criteria, such as costs attributable to (i) serving different consumers (e.g., shipping costs or taxes based on a consumer’s physical location); (ii) costs or differences in supply or demand associated with providing a good or service in different locations; (iii) costs associated with the availability or supply of a good or service; and (iv) corrections resulting from pricing errors.

Additionally, the Act permits food retailers and third-party delivery service providers to offer prices to consumers who consent to provide their personal data or other information in exchange for obtaining the relevant price.

Enforcement

The Maryland Attorney General is responsible for enforcing the Act. The Act provides a guaranteed 45-day cure period with no sunset. The Act does not provide for a private right of action. Violators who fail to cure within the 45-day period may be subject to civil penalties of up to $10,000 per violation or, up to $25,000 per violation for repeat offenders.

State Trends

Other states, such as California (AB-2564), Colorado (HB26-1210), Illinois (SB-2255), New Jersey (SB-3612) and New York (SB-S8623), are considering introducing surveillance pricing bans similar to Maryland's.

In addition to surveillance pricing bans, restrictions on algorithmic pricing are increasing throughout the U.S. For example, New York recently enacted a law that imposes new disclosure requirements on the use of AI for algorithmic pricing.

Takeaways

The Act is the first state law to directly prohibit certain personalized pricing practices, rather than simply requiring disclosures requiring the use of such pricing. The law’s breadth, along with its many exceptions, means that businesses will need to carefully assess whether existing pricing practices are subject to the Act’s restrictions and requirements.